1. Check out our companion app, Forums for Android! Download from Google Play

Root Security bulletin for Rooted users.

Discussion in 'Android Devices' started by draconius, Sep 20, 2010.

  1. draconius

    draconius Well-Known Member
    Thread Starter
    36

    Jul 24, 2010
    230
    3
    36

    Advertisement

  2. OMJ

    OMJ Bazinga
    213

    Nov 27, 2009
    3,290
    825
    213
    Finance
    Pennsylvania
    A little surprising that its not encrypted but really its not that big a deal. Definitely a little scary for those with exchange accounts that end up listed there though.

    I have always been very careful with installing root apps. I stick to known devs and or apps with lots positive feedback when it comes to root apps. If you go installing every root app under the sun then you are asking to get hit with something malicious.
     
  3. izomiac

    izomiac Active Member
    18

    Jul 9, 2010
    41
    21
    18
    I'm a little surprised that people didn't know that any "Remember my password" feature anywhere effectively stores passwords in plain text unless you enter a Master Password or similar. ("Keep me logged in" is somewhat different.) This isn't any more of an issue for Root users as normal users if there are active root exploits, since obviously a malicious app could then root an unrooted phone.

    Such features trade security for convenience, so it's a design decision that can't really be made more secure. Effective encryption can only be used if the key is kept secret, which can't be done if your phone isn't asking you for a decryption key. Encrypting then storing the key in plaintext is completely pointless.

    Even if passwords were securely stored, a malicious root app can install a rootkit. I won't go into specifics, but suffice to say at that point it's no longer "your" phone.

    Required reading for owning an electronic device:
    10 Immutable Laws of Security

    For the curious, here's a follow-up set of articles that examine how well the previous one held up from it's publication in 2000 to 2008:
    10 Immutable Laws of Security Revisited: Part 1
    10 Immutable Laws of Security Revisited: Part 2
    10 Immutable Laws of Security Revisited: Part 3
     

Share This Page

Loading...